The following resources below are directly from the Office of the National Coordinator for Health Information Technology. Also, in the Resource menu to the right you will find Presidential Decision Directives & Executive Orders, Resources from DHS, FEMA, Public Law & ACTS, along with other Miscellaneous resources and a Glossary of Terms.
Department of Homeland Security (DHS) Resources:
Cyber Resilience Review (CRR): The CRR provides a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices. For additional information please see: http://us-cert.gov/ccubedvp/self-service-crr.
Cybersecurity Evaluation Tool (CSET) and On-Site Cybersecurity Consulting
Industrial control systems security posture assessments, offered through CSET, a self-assessment tool. Features include a mapping to control systems standards based on the sector as well as a network architecture mapping tool. The tool can be downloaded for self-use or organizations can request a facilitated site visit, which could include basic security assessments, network architectural review and verification, network scanning using custom tools to identify malicious activity and indicators of compromise, and penetration testing. More information is available at: http://ics-cert.us-cert.gov/assessments.
Industrial Control Systems Computer Emergency Readiness Team (ICS-CERT) Recommended Practice: A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices.
Cyber Security Advisors (CSAs): CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and SLTT governments. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email firstname.lastname@example.org (link sends e-mail).
Cyber Information Sharing and Collaboration Program (CISCP) A no-cost information sharing partnership between enterprises and DHS, CISCP creates shared situational awareness across critical infrastructure communities, enhances cybersecurity collaboration between DHS and critical infrastructure owners and operators, and leverages government and industry subject matter expertise to collaboratively respond to cybersecurity incidents. For more information about CISCP, please email email@example.com (link sends e-mail) and download an overview of CISCP.
Stop.Think.Connect.™ Campaign: Launched in 2010, the Stop.Think.Connect.™ Campaign was created to empower Americans to reduce cyber risk online by incorporating safe habits into their online routines. The Campaign was conceived by a coalition of private companies, non-profits, and government organizations, including DHS, through the Anti-Phishing Working Group Messaging Convention and the National Cyber Security Alliance (NCSA)… For more information on how to get involved, visit http://dhs.gov/stopthinkconnect or email firstname.lastname@example.org (link sends e-mail).
Federal Bureau of Investigation (FBI) Resources:
InfraGard: a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. For more information, please visit InfraGard’s public website or contact your local FBI field office
Internet Crime Complaint Center (IC3)
The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.